Printable View
Nope, if you actually read what I wrote I said it's bad code as you don't do any proper checks on what is being run and always tell the user the mysql_error which they don't need to know.Quote:
Originally Posted by renan7899
You're saying it's a bad code just because I was wrong about error reporting?
Just because it is simple doesn't mean it should be lazily written or give excess information the user doesn't need to see.Quote:
Originally Posted by renan7899It's a basic script, but it does the job.
Quote:
Originally Posted by renan7899You're saying it's a bad code just because I was wrong about error reporting?
It's a basic script, but it does the job.
"I may dislike you due to stupid thing you do..."
I like and dislike many people here, but I don't need to put my personal feelings in a post, you shouldn't too. Hell, you were complaining even about the red text above.
stop fighting at people thread :closedeyes: and back to topic, perhaps someone can fix this scriptQuote:
Originally Posted by das7002Nope, if you actually read what I wrote I said it's bad code as you don't do any proper checks on what is being run and always tell the user the mysql_error which they don't need to know.
Just because it is simple doesn't mean it should be lazily written or give excess information the user doesn't need to see.
Quote:
Originally Posted by hrace009i was modified 343 change password script with 4 digits PIN as security code, but i don't get it working.
here i give full code on that:
Spoiler:
index.php
data.phpPHP Code:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
/*---343 change password script---*/
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Change Password</title>
</head>
<body bgcolor="#161616">
<form name='form1' method='post' action='data.php'>
<b><font color=white>
<table width="337">
<tr>
<th scope="col"><div align="center"><strong>User Name</strong></div></th>
<th scope="col"><div align="center"><strong>:</strong></div></th>
<th scope="col">
<div align="center">
<input name='myusername' type='text' id='myusername' />
</div></th></tr>
<tr>
<th scope="row"><div align="center"><strong>Email Address</strong></div></th>
<td><div align="center"><strong>:</strong></div></td>
<td>
<div align="center">
<input name='email' type='text' id='email' />
</div></td>
<tr>
<th scope="row"><div align="center"><strong>Current Password</strong></div></th>
<td><div align="center"><strong>:</strong></div></td>
<td>
<div align="center">
<input name='oldpassword' type='password' id='oldpassword' />
</div></td>
</tr>
<tr>
<th scope="row"><div align="center"><strong>New Password</strong></div></th>
<td><div align="center"><strong>:</strong></div></td>
<td>
<div align="center">
<input name='newpassword' type='password' id='newpassword' />
</div></td>
</tr>
<tr>
<th scope="row"><div align="center"><strong>Confirm New Password</strong></div></th>
<td><div align="center"><strong>:</strong></div></td>
<td>
<div align="center">
<input name='confirmnew' type='password' id='confirmnew' />
</div></td>
</tr>
</tr>
<tr>
<th scope="row"><div align="center"><strong>Pin</strong></div></th>
<td><div align="center"><strong>:</strong></div></td>
<td>
<div align="center">
<input name='pin' type='password' id='pin' />
</div></td>
</tr>
<tr>
<th colspan="3" scope="row"><div align="center">
<input type='submit' name='Submit' value='Change Password' />
</div></th>
</tr>
</table>
</form>
</body>
</html>
connector.phpPHP Code:<body bgcolor="#161616">
<font color=white>
<style type="text/css">
<!--
body {
background-color: #161616;
background-image: url();
background-repeat: no-repeat;
background-position: center 0;
color: white;
}
A:link {text-decoration: none; color: orange;}
A:visited {text-decoration: none; color: orange;}
A:active {text-decoration: none; color: orange;}
A:hover {text-decoration: underline overline; color: white;}
</style>
<?
/*---343 change password script---*/
require_once("DB.php");
include "connector.php";
$mysql = 'mysql://';
$col = ':';
$at = '@';
$slash = '/';
$dbdsn = $mysql.$DB_User.$col.$DB_Password.$at.$DB_Host.$slash.$DB_Name;
$dbh =& DB::connect($dbdsn);
if (PEAR::isError($dbh)) {
die($dbh->getMessage());
}
$dbh->setFetchMode(DB_FETCHMODE_ASSOC);
$UserName=$_POST['myusername'];
$EMail=$_POST['email'];
$OldPassword=$_POST['oldpassword'];
$NewPassword=$_POST['newpassword'];
$ConfirmNew=$_POST['confirmnew'];
$Pin=$_POST['pin'];
$UserName = stripslashes(StrToLower($UserName));
$EMail = stripslashes(StrToLower($EMail));
$OldPassword = stripslashes($OldPassword);
$NewPassword = stripslashes($NewPassword);
$ConfirmNew = stripslashes($ConfirmNew);
$Pin = stripslashes($Pin);
$UserName = mysql_real_escape_string($UserName);
// $EMail = mysql_real_escape_string($EMail);
$OldPassword = mysql_real_escape_string($OldPassword);
$NewPassword = mysql_real_escape_string($NewPassword);
// $ConfirmNew = mysql_real_escape_string($ConfirmNew);
$Pin = mysql_real_escape_string($Pin);
if (empty($UserName) || empty($EMail) || empty($OldPassword) || empty($NewPassword) || empty($ConfirmNew) || empty($OldPassword))
{
echo "<font color=red>One or more fields are empty.</font><br><input type='button' onClick=location.href='index.php' value='Some data was empty, please fix it'></input><br><br>";
}
ELSE {
//Count String Length
$CountNewPassword = strlen($NewPassword);
IF ($CountNewPassword < 5 OR $CountNewPassword > 10) {
echo "<font color=red>Password Must be at least 5 Characters, and no more than 10. </font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
ELSE {
// Make sure New Password fields match
IF ( $NewPassword !== $ConfirmNew ) {
echo "<font color=red>Confirm New Password Failed. <font color=white>New Password</font> and <font color=white>Confirm New Password</font> Fields Must Match. Please Try Again.</font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
ELSE {
//Count Pin Length
$Pin = strlen($Pin);
IF ($Pin < 4 OR $Pin > 4) {
echo "<font color=red>Pin must have 4 digits.</font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
ELSE {
//Encrypt Password and Username
$EncryptOldPassword = "0x" . md5($UserName . $OldPassword);
$EncryptNewPassword = "0x" . md5($UserName . $NewPassword);
$GetIP=$_SERVER['REMOTE_ADDR'];
$GetAccountInfo = Mysql_Query("SELECT * FROM users WHERE name = '$UserName'");
$GetAccountNum = Mysql_Num_Rows($GetAccountInfo);
IF ($GetAccountNum == 1) {
$GetAccountArray = Mysql_Fetch_Array($GetAccountInfo);
$GetPassword = $GetAccountArray['passwd'];
$GetEmail = $GetAccountArray['email'];
$GetPin = $GetAccountArray['qq'];
$GetPassword = addslashes($GetPassword);
$GetEmail = addslashes($GetEmail);
$GetPin = addslashes($GetPin);
$rs = mysql_query("SELECT fn_varbintohexsubstring (1,'$GetPassword',1,0) AS result");
$rs2 = mysql_query("SELECT '$GetEmail' AS result2");
$rs3 = mysql_query("SELECT '$GetPin' AS result3");
$GetResult = Mysql_Fetch_Array($rs);
$GetResultEmail = Mysql_Fetch_Array($rs2);
$GetResultPin = Mysql_Fetch_Array($rs3);
$CheckPassword = $GetResult['result'];
$CheckEmail = $GetResultEmail['result2'];
$CheckPin = $GetResultPin['result3'];
IF ($EMail == $CheckEmail) {
IF ($Pin == $CheckPin) {
IF ($EncryptOldPassword == $CheckPassword) {
Mysql_Query("CALL changePasswd ($GetAccountInfo->quoteSmart'$UserName', $EncryptNewPassword)");
Mysql_Query("CALL changePasswd2 ($GetAccountInfo->quoteSmart'$UserName', $EncryptNewPassword)");
echo "<font color='green' size='+2'>Password for Account: <font color=red>$UserName</font> has been changed</font><br><input type='button' onClick=location.href='index.php' value='Go Back'></input><br><br>";
}
ELSE {
echo "<font color=red>Account Information is Incorrect! </font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
}
}
ELSE {
echo "<font color=red>Account Information is Incorrect! </font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
}
}
}
}
}
?>
PHP Code:<?php
/*---343 change password script---*/
/*-------Config MySQL Database-------*/
$DB_Host = "localhost"; // localhost or your IP for MySQL
$DB_User = "root"; // Database username
$DB_Password = "root"; // Database password
$DB_Name = "data"; // Database name
$ServerIP = "localhost"; // WAN IP (Public IP) or DOMAIN NAME of your Server
$LanIP = "localhost"; // LAN IP of your Server
$ServerPort = "29000"; // PW Server Port
$top=50; // How many top players to show (on rank page)
/*-------END User Config-------*/
$db_link = mysql_connect($DB_Host, $DB_User, $DB_Password);
$db = mysql_select_db("$DB_Name", $db_link);
// security check for http_get variables to prevent injections
foreach ($_GET as $key => $value)
{
$_GET[$key] = mysql_real_escape_string($value, $db_link);
}
// security check for http_get variables to prevent injections
foreach ($_POST as $key => $value)
{
$_POST[$key] = mysql_real_escape_string($value, $db_link);
}
?>
can someone tell me what i'am miss in that code :wink:
DB.php - And where is the file?Code:require_once("DB.php");
that was pear, you must install pear firstQuote:
Originally Posted by PiladDB.php - And where is the file?Code:require_once("DB.php");
apt-get install php-pear